Permalink
Browse files

Merging back the branch created to bring a bunch of new plugins in li…

…ne with

the project's coding standards. Merge from revisions 2452 through 2498.

New plugins:
* OpenVAS
* SureCheck
* NeXpose
* w3af
  • Loading branch information...
1 parent b4411cd commit 0fcaec9520602a7205d6eb5e277b757f764d362f Daniel Martin committed Apr 6, 2011
Showing with 994 additions and 31 deletions.
  1. +1 −1 Thorfile
  2. +7 −0 vendor/plugins/nexpose_upload/README
  3. +22 −0 vendor/plugins/nexpose_upload/Rakefile
  4. +3 −0 vendor/plugins/nexpose_upload/init.rb
  5. +1 −0 vendor/plugins/nexpose_upload/install.rb
  6. +21 −0 vendor/plugins/nexpose_upload/lib/nexpose_upload.rb
  7. +130 −0 vendor/plugins/nexpose_upload/lib/nexpose_upload/filters.rb
  8. +13 −0 vendor/plugins/nexpose_upload/lib/nexpose_upload/meta.rb
  9. +25 −0 vendor/plugins/nexpose_upload/lib/tasks/thorfile.rb
  10. +16 −0 vendor/plugins/nexpose_upload/test/nexpose_upload_test.rb
  11. +1 −0 vendor/plugins/nexpose_upload/uninstall.rb
  12. +6 −0 vendor/plugins/openvas_upload/README
  13. +22 −0 vendor/plugins/openvas_upload/Rakefile
  14. +3 −0 vendor/plugins/openvas_upload/init.rb
  15. +1 −0 vendor/plugins/openvas_upload/install.rb
  16. +21 −0 vendor/plugins/openvas_upload/lib/openvas_upload.rb
  17. +106 −0 vendor/plugins/openvas_upload/lib/openvas_upload/filters.rb
  18. +13 −0 vendor/plugins/openvas_upload/lib/openvas_upload/meta.rb
  19. +25 −0 vendor/plugins/openvas_upload/lib/tasks/thorfile.rb
  20. +16 −0 vendor/plugins/openvas_upload/test/openvas_upload_test.rb
  21. +1 −0 vendor/plugins/openvas_upload/uninstall.rb
  22. +16 −0 vendor/plugins/surecheck_upload/README
  23. +22 −0 vendor/plugins/surecheck_upload/Rakefile
  24. +3 −0 vendor/plugins/surecheck_upload/init.rb
  25. +25 −0 vendor/plugins/surecheck_upload/install.rb
  26. +21 −0 vendor/plugins/surecheck_upload/lib/surecheck_upload.rb
  27. +68 −0 vendor/plugins/surecheck_upload/lib/surecheck_upload/filters.rb
  28. +13 −0 vendor/plugins/surecheck_upload/lib/surecheck_upload/meta.rb
  29. +72 −0 vendor/plugins/surecheck_upload/lib/surecheck_upload/parser.rb
  30. +33 −0 vendor/plugins/surecheck_upload/tasks/surecheck_upload_tasks.rake
  31. +15 −0 vendor/plugins/surecheck_upload/test/surecheck_upload_test.rb
  32. +15 −0 vendor/plugins/surecheck_upload/uninstall.rb
  33. +6 −0 vendor/plugins/w3af_upload/README
  34. +22 −0 vendor/plugins/w3af_upload/Rakefile
  35. +3 −0 vendor/plugins/w3af_upload/init.rb
  36. +1 −0 vendor/plugins/w3af_upload/install.rb
  37. +25 −0 vendor/plugins/w3af_upload/lib/tasks/thorfile.rb
  38. +23 −0 vendor/plugins/w3af_upload/lib/w3af_upload.rb
  39. +58 −0 vendor/plugins/w3af_upload/lib/w3af_upload/filters.rb
  40. +13 −0 vendor/plugins/w3af_upload/lib/w3af_upload/meta.rb
  41. +40 −0 vendor/plugins/w3af_upload/lib/w3af_upload/parser.rb
  42. +16 −0 vendor/plugins/w3af_upload/test/w3af_upload_test.rb
  43. +1 −0 vendor/plugins/w3af_upload/uninstall.rb
  44. +25 −0 vendor/plugins/wxf_upload/lib/tasks/thorfile.rb
  45. +0 −28 vendor/plugins/wxf_upload/lib/tasks/wxf_upload_tasks.rake
  46. +2 −0 vendor/plugins/wxf_upload/lib/wxf_upload.rb
  47. +2 −2 vendor/plugins/wxf_upload/lib/wxf_upload/filters.rb
View
@@ -3,7 +3,7 @@ $:.unshift(File.join(File.expand_path(File.dirname(__FILE__)), '.'))
# add the dradis core tasks, and define the namespaces for import, export, and
# upload tasks
-require 'lib/tasks/thorfile'
+require File.expand_path('../lib/tasks/thorfile', __FILE__)
# a plugin can add additional tasks to Thor by declaring tasks/thorfile.rb in
# its plugin directory - so we can keep a plugin's command line tasks bundled
@@ -0,0 +1,7 @@
+NexposeUpload
+=============
+
+Upload plugin for NeXpose vulnerability scanner.
+
+This currently only works with NeXposeSimpleXML, which is the only XML filetype available from the community edition.
+
@@ -0,0 +1,22 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the nexpose_upload plugin.'
+Rake::TestTask.new(:test) do |t|
+ t.libs << 'lib'
+ t.pattern = 'test/**/*_test.rb'
+ t.verbose = true
+end
+
+desc 'Generate documentation for the nexpose_upload plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+ rdoc.rdoc_dir = 'rdoc'
+ rdoc.title = 'NexposeUpload'
+ rdoc.options << '--line-numbers' << '--inline-source'
+ rdoc.rdoc_files.include('README')
+ rdoc.rdoc_files.include('lib/**/*.rb')
+end
@@ -0,0 +1,3 @@
+require 'nexpose_upload'
+
+Category.find_or_create_by_name(NexposeUpload::Configuration.category)
@@ -0,0 +1 @@
+# Install hook code here
@@ -0,0 +1,21 @@
+# NexposeUpload
+
+require 'nexpose_upload/filters'
+require 'nexpose_upload/meta'
+
+# This includes the import plugin module in the dradis import plugin repository
+
+module NexposeUpload
+ class Configuration < Core::Configurator
+ configure :namespace => 'nexpose'
+ setting :category, :default => 'NeXpose Scanner output'
+ setting :author, :default => 'NeXpose Scanner plugin'
+ setting :node_label, :default => 'NeXpose Output'
+ end
+end
+
+module Plugins
+ module Upload
+ include NexposeUpload
+ end
+end
@@ -0,0 +1,130 @@
+module NexposeUpload
+ private
+ @@logger=nil
+
+ public
+
+ # This method will be called by the framework when the user selects your
+ # plugin from the drop down list of the 'Import from file' dialog
+ def self.import(params={})
+ @plugin_author_name = Configuration.author
+
+ @category = Category.find_by_name(Configuration.category)
+
+ #Create a parent node for the NeXpose output
+ @nexpose_node = Node.create(:label => Configuration.node_label)
+
+ @@logger = params.fetch(:logger, RAILS_DEFAULT_LOGGER)
+ @@logger.level = Logger::DEBUG
+ @@logger.debug('started debugging')
+
+ file_content = File.read( params[:file] )
+
+ doc = Nokogiri::XML(file_content)
+
+ if doc.root.name == 'NeXposeSimpleXML'
+ hosts = parse_nexpose_simple_xml(doc)
+ else
+ error_note = Note.new(
+ :node => @nexpose_node,
+ :author => @plugin_author_name,
+ :category => @category,
+ :text => "Document doesn't seem to be a NeXpose simple report. this plugin doesn't do other NeXpose XML types as yet"
+ ).save
+ return
+ end
+
+ hosts.each do |host|
+ host_node = Node.create(:label => host['address'], :parent_id => @nexpose_node.id)
+
+ Note.create(
+ :node => host_node,
+ :author => @plugin_author_name,
+ :category => @category,
+ :text => "Host Description : #{host['description']} \nScanner Fingerprint certainty : #{host['fingerprint']}"
+ )
+
+ generic_findings_node = Node.create(:label => "Generic Findings", :parent_id => host_node.id )
+
+ host['generic_vulns'].each do |id, finding|
+ Note.create(
+ :node => generic_findings_node,
+ :author => @plugin_author_name,
+ :category => @category,
+ :text => "Finding ID : #{id} \n \n Finding Refs :\n-------\n #{finding}"
+ )
+ end
+
+ host['ports'].each do |port_label, findings|
+ port_node = Node.create(:label => port_label, :parent_id => host_node.id)
+
+ findings.each do |id, finding|
+ Note.create(
+ :node => port_node,
+ :author => @plugin_author_name,
+ :category => @category,
+ :text => "Finding ID : #{id} \n \n Finding Refs :\n-------\n #{finding}"
+ )
+ end
+
+ end
+
+
+ end
+
+
+
+ end
+
+
+ def self.parse_nexpose_simple_xml(doc)
+ results = doc.search('device')
+ hosts = Array.new
+
+ results.each do |host|
+ current_host = Hash.new
+ current_host['address'] = host['address']
+ current_host['fingerprint'] = host.search('fingerprint')[0]['certainty']
+ current_host['description'] = host.search('description')[0].text
+
+
+ #So there's two sets of vulns in a NeXpose simple XML report for each host
+ #Theres some generic ones at the top of the report
+ #And some service specific ones further down the report.
+ #So we need to get the generic ones before moving on
+ current_host['generic_vulns'] = Hash.new
+ host.xpath('vulnerabilities/vulnerability').each do |vuln|
+ current_host['generic_vulns'][vuln['id']] = ''
+
+
+ vuln.xpath('id').each do |id|
+ current_host['generic_vulns'][vuln['id']] << id['type'] + " : " + id.text + "\n"
+ end
+
+ end
+
+
+ current_host['ports'] = Hash.new
+ host.xpath('services/service').each do |service|
+ protocol = service['protocol']
+ portid = service['port']
+
+ port_label = protocol + '-' + portid
+
+ current_host['ports'][port_label] = Hash.new
+
+ service.xpath('vulnerabilities/vulnerability').each do |vuln|
+ current_host['ports'][port_label][vuln['id']] = ''
+ vuln.xpath('id').each do |id|
+ current_host['ports'][port_label][vuln['id']] << id['type'] + " : " + id.text + "\n"
+ end
+ end
+
+ end
+
+ hosts << current_host
+ end
+ return hosts
+ end
+
+end
@@ -0,0 +1,13 @@
+module NexposeUpload
+ module Meta
+ NAME = "NeXposeSimpleXML file upload"
+ # change this to the appropriate version
+ module VERSION #:nodoc:
+ MAJOR = 2
+ MINOR = 7
+ TINY = 0
+
+ STRING = [MAJOR, MINOR, TINY].join('.')
+ end
+ end
+end
@@ -0,0 +1,25 @@
+class DradisTasks < Thor
+ class Upload < Thor
+ namespace "dradis:upload"
+
+ desc "nexpose FILE", "upload NeXpose results"
+ def nexpose(file_path)
+ require 'config/environment'
+
+ logger = Logger.new(STDOUT)
+ logger.level = Logger::DEBUG
+
+ unless File.exists?(file_path)
+ $stderr.puts "** the file [#{file_path}] does not exist"
+ exit -1
+ end
+
+ NexposeUpload.import(
+ :file => file_path,
+ :logger => logger)
+
+ logger.close
+ end
+
+ end
+end
@@ -0,0 +1,16 @@
+require 'test/unit'
+
+# require Rails testing framework
+require File.dirname(__FILE__) + '/../../../../test/test_helper'
+
+# require this plugin
+$:.unshift File.dirname(__FILE__) + '/../lib'
+require File.dirname(__FILE__) + '/../init'
+
+
+class NexposeUploadTest < Test::Unit::TestCase
+ # Replace this with your real tests.
+ def test_this_plugin
+ flunk
+ end
+end
@@ -0,0 +1 @@
+# Uninstall hook code here
@@ -0,0 +1,6 @@
+OpenvasUpload
+=============
+
+Upload plugin for OpenVAS xml files. Tested with OpenVAS 3
+
+
@@ -0,0 +1,22 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the openvas_upload plugin.'
+Rake::TestTask.new(:test) do |t|
+ t.libs << 'lib'
+ t.pattern = 'test/**/*_test.rb'
+ t.verbose = true
+end
+
+desc 'Generate documentation for the openvas_upload plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+ rdoc.rdoc_dir = 'rdoc'
+ rdoc.title = 'OpenvasUpload'
+ rdoc.options << '--line-numbers' << '--inline-source'
+ rdoc.rdoc_files.include('README')
+ rdoc.rdoc_files.include('lib/**/*.rb')
+end
@@ -0,0 +1,3 @@
+require 'openvas_upload'
+
+Category.find_or_create_by_name(OpenvasUpload::Configuration.category)
@@ -0,0 +1 @@
+# Install hook code here
@@ -0,0 +1,21 @@
+# OpenvasUpload
+
+require 'openvas_upload/filters'
+require 'openvas_upload/meta'
+
+# This includes the import plugin module in the dradis import plugin repository
+
+module OpenvasUpload
+ class Configuration < Core::Configurator
+ configure :namespace => 'openvas'
+ setting :category, :default => 'OpenVAS Scanner output'
+ setting :author, :default => 'OpenVAS Scanner plugin'
+ setting :node_label, :default => 'OpenVAS Output'
+ end
+end
+
+module Plugins
+ module Upload
+ include OpenvasUpload
+ end
+end
Oops, something went wrong.

0 comments on commit 0fcaec9

Please sign in to comment.